Committed Access Rate CAR

CAR provides policing functions and marking. Chapter 5, "Traffic Policing and Shaping," covers the policing details of CAR and CB policing. However, a quick review of policing before getting into CAR's marking features will help you appreciate why CAR includes marking.

Policing, in its most basic form, discards traffic that exceeds a particular traffic contract. The contract has two components: a rate, stated either in bits per second or bytes per second; and a burst size, stated in either bits or bytes. The traffic conforms to the contract if it sends at the rate, or below, and it does not send a burst of traffic greater than the burst size. If the traffic exceeds the traffic rate over time, or exceeds the single burst size limit, the policing function drops the traffic in excess of the rate and the burst size. Therefore, the simplest form of policing has two rigid actions: either to forward packets or to drop them.

CAR's marking function allows for additional policing action besides just forwarding or dropping a packet. Consider a typical case where policing is used, as in Figure 3-14. ISP1 needs to police traffic to protect customers who conform to their contracts from congestion created by customers who do not conform. If the network is not congested, however, it might be nice to go ahead and forward the nonconforming customer traffic. Doing so doesn't really cost the ISP anything, so long as the network is not congested. If the network is congested, however, ISP1 wants to discard the traffic that exceeds the contract before discarding traffic that is within its respective contract.

Figure 3-14 Policing: Excess Traffic Marked with Higher Discard Value

Figure 3-14 Policing: Excess Traffic Marked with Higher Discard Value

Direction of Flow of Packets in This Example

For instance, the conforming traffic can be marked with DSCP AF41, and the nonconforming traffic with DSCP Default. The congestion-avoidance QoS tools in ISP1 can be configured to aggressively discard all DSCP Default traffic at the first signs of congestion. So, when ISP1 experiences congestion, policing indirectly causes the excess traffic to be discarded; in periods of no congestion, ISP1 provides service beyond what the customer has paid for.

You can also use CAR to just mark the traffic. CAR classifies traffic based on a large number of fields in the packet header, including anything that can be matched with an IP ACL. Once matched, CAR can be configured to do one action for conforming traffic, and another for excess traffic. If the two actions (conform and exceed actions) are the same action, in effect, CAR has not policed, but rather has just marked packets in the same way.

CAR configuration includes the classification, marking, and enabling features all in a single configuration command: the rate-limit interface subcommand. (CB marking, you may recall, separates classification, marking, and enabling on an interface into three separate commands.) Tables 3-11, 3-12, and 3-13 list the pertinent CAR configuration and exec commands, respectively.

Table 3-11 Configuration Command Reference for CAR

Command

Mode and Function

rate-limit {input | output} [access-group [rate-limit]

acl-index] bps burst-normal burst-max conform-action conform-action exceed-action exceed-action

Interface mode; configures classification, marking, policing, and enabling CAR on the interface

access-list rate-limit acl-index {precedence | mac-address | exp mask mask}

Global mode; creates a CAR ACL, which can match IP precedence, MAC addresses, and MPLS Experimental bits

Table 3-12 Possible Actions with CAR rate-limit Command

rate-limit Conform and Exceed Options

Function

Continue

Evaluates the next rate-limit command

Drop

Drops the packet

set-dscp-continue

Sets the differentiated services code point (DSCP) (0-63) and evaluates the next rate-limit command

set-dscp-transmit

Sets the DSCP and transmits the packet

set-mpls-exp-continue

Sets the MPLS Experimental bits (0-7) and evaluates the next rate-limit command

set-mpls-exp-transmit

Sets the MPLS Experimental bits (0-7) and sends the packet

set-prec-continue

Sets the IP precedence (0-7) and evaluates the next rate-limit command

set-prec-transmit

Sets the IP precedence (0-7) and sends the packet

set-qos-continue

Sets the QoS group ID (1-99) and evaluates the next rate-limit command

set-qos-transmit

Sets the QoS group ID (1-99) and sends the packet

Transmit

Sends the packet

Table 3-13 Exec Command Reference for CAR

Command

Function

show interfaces [interface-type interface-number] rate-limit

Displays CAR statistics on the interface specified, or on all interfaces if the interface is not specified

show access-lists rate-limit [acl-index]

Lists information about the configuration of rate-limit ACLs

The first CAR marking example, shown in Example 3-5, uses the following criteria for marking packets. In this example, R3 is marking packets that flow right to left in Figure 3-15. (This example's criteria matches that in Example 3-1 for CB marking.)

• All VoIP payload traffic is marked with DSCP EF.

• All other traffic is marked with DSCP Default.

Figure 3-15 CAR Marking Sample 1: VoIP Marked with DSCP EF, Everything Else Marked BE

Figure 3-15 CAR Marking Sample 1: VoIP Marked with DSCP EF, Everything Else Marked BE

Example 3-5 CAR Marking, VoIP as DSCP EF, Everything Else as BE

no ip cef

access-list 102 permit udp any range 16384 32768 any range 16384 32768

interface fastethernet 0/0 rate-limit input access-group 102 10000 20000 30000 conform-action set-dscp-transmit 46 exceed-action set-dscp-transmit 46 rate-limit input 10000 20000 30000 conform-action set-dscp-transmit 0 exceed-action set-dscp-transmit 0

The configuration does not take nearly as many different commands as the CB marking example, because most of the interesting parameters are contained in the rate-limit commands. Cisco Express Forwarding (CEF) is disabled, just to make the point that although you can use CEF with CAR, it is not required. ACL 102 defines some classification parameters that CAR will use to match VoIP packets, looking at UDP ports between 16,384 and 32,767. The ACL logic matches all VoIP payload, but it will also match VoIP Real Time Control Protocol (RTCP) traffic, which uses the odd-numbered UDP ports in the same port range. Finally, two rate-limit commands under FA0/0 enable CAR, define policing limits, classification details, and marking details.

The first of the two rate-limit commands matches a subset of all traffic using classification, whereas the second rate-limit command just matches all traffic. CAR uses the information configured in these two commands sequentially; in other words, if a packet matches the first CAR statement's classification details, the statement is matched, and its actions are followed. If not, CAR compares the next statement, and so on. In this example, the first CAR rate-limit command matches VoIP packets by referring to ACL 102, and the second statement, because it does not refer to an ACL, matches all packets.

NOTE CAR can actually match multiple statements on the same interface. Some CAR actions include the keyword continue, which means that even after the statement is matched, CAR should keep searching the statements for further matches. This allows CAR to nest statements, to perform features such as "police all traffic at 500 kbps, but police subsets at 250 kbps, 200 kbps, and 150 kbps."

Now examine the first rate-limit command, rate-limit input access-group 102 10000 20000 30000 conform-action set-dscp-transmit 46 exceed-action set-dscp-transmit 46, in detail. The input keyword means that CAR examines traffic entering the interface. The access-group

102 command means that packets permitted by ACL 102 are considered to match this rate-limit command. The next three values represent the committed rate, the burst size, and the excess size, which make up the traffic contract. The conform-action keyword identifies that the next parameter defines the action applied to conforming traffic, and the exceed-action keyword identifies that the next parameter defines the action applied to traffic that exceeds the traffic contract. In this example, both the conform and exceed actions are identical: set-dscp-transmit 46, which marks the DSCP value to decimal 46, or DSCP EF. (The rate-limit command does not allow the use of DSCP names.)

In this example, the actual traffic contract does not matter, because the actions for conforming traffic and excess traffic are the same. The true goal of this example is just to use CAR to mark packets VoIP—not to actually police the traffic. Chapter 5 includes CAR examples with different conform and exceed actions. The three values represent the committed rate (bps), the committed burst size (bytes), and the committed burst plus the excess burst (bytes). The excess burst parameter essentially provides a larger burst during the first measurement interval after a period of inactivity. (Chapter 5 covers the details of these settings.)

The second rate-limit command, rate-limit input 10000 20000 30000 conform-action set-dscp-transmit 0 exceed-action set-dscp-transmit 0, matches all remaining traffic. The only way that CAR can classify packets is to refer to an IP ACL, or a CAR rate-limit ACL, from the rate-limit command. The second rate-limit command does not refer to an ACL with the access-group keyword, so by implication, the statement matches all packets. Both actions set the DSCP value to zero. Essentially, this example uses CAR to mark traffic with either DSCP 46 or 0 (decimal), without discarding any packets due to policing.

The second sample CAR configuration, Example 3-6, includes classification options similar to CB marking Example 3-4. Because CAR cannot take advantage of NBAR, CAR cannot look at the URL for HTTP requests, as the CB marking example did. The slightly modified criteria for CAR marking in Example 3-6 is as follows:

• VoIP payload is marked with DSCP EF.

• NetMeeting voice and video from Serverl to Clientl is marked with DSCP AF41.

• Any HTTP traffic is marked with AF22.

• All other traffic is marked with DSCP Default.

Figure 3-16 shows the network in which the configuration is applied, and Example 3-6 shows the configuration.

Figure 3-16 CAR Marking Sample 2 Network

Client1

Mark

-r-DIOD

Mark VoIP as DSCP EF Mark NetMeeting as DSCP AF41 Mark HTTP as DSCP AF22 Mark All Else with DSCP Default

1001 1002

3001 3002

1001 1002

3001 3002

Example 3-6 CAR Marking Sample 2: VoIP, NetMeeting Audio/Video, HTTP URLs, and Everything Else no ip cef

access-list 110 permit udp any range 16384 32768 any range 16384 32768

access-list 111 permit udp host 192.168.1.100 gt 16383 192.168.3.0 0.0.0.255 gt 16383

access-list 112 permit tcp any eq www any access-list 112 permit tcp any any eq www interface fastethernet 0/0

rate-limit input access-group 111 8000 20000 30000 conform-action set-dscp-transmit 34 exceed-action set-dscp-transmit 34 rate-limit input access-group 110 8000 20000 30000 conform-action set-dscp-transmit 46 exceed-action set-dscp-transmit 46 rate-limit input access-group 112 8000 20000 30000 conform-action set-dscp-transmit 20 exceed-action set-dscp-transmit 20

Example 3-6 CAR Marking Sample 2: VoIP, NetMeeting Audio/Video, HTTP URLs, and Everything Else (Continued)

rate-limit input 8000 20000 30000 conform-action set-dscp-transmit 0 exceed-action set-dscp-transmit 0

R3#show interface fastethernet 0/0 rate-limit

Fastethernet0/0 connected to SW2, where Server1 is connected Input matches: access-group 111

params: 8000 bps, 20000 limit, 30000 extended limit conformed 1346 packets, 341169 bytes; action: set-dscp-transmit 34 exceeded 2683 packets, 582251 bytes; action: set-dscp-transmit 34 last packet: 56ms ago, current burst: 29952 bytes last cleared 00:07:11 ago, conformed 6000 bps, exceeded 10000 bps matches: access-group 110

params: 8000 bps, 20000 limit, 30000 extended limit conformed 6118 packets, 452856 bytes; action: set-dscp-transmit 46 exceeded 34223 packets, 2552218 bytes; action: set-dscp-transmit 46 last packet: 12ms ago, current burst: 29989 bytes last cleared 00:07:11 ago, conformed 8000 bps, exceeded 47000 bps matches: access-group 112

params: 8000 bps, 20000 limit, 30000 extended limit conformed 677 packets, 169168 bytes; action: set-dscp-transmit 20 exceeded 3631 packets, 5084258 bytes; action: set-dscp-transmit 20 last packet: 8ms ago, current burst: 29638 bytes last cleared 00:07:12 ago, conformed 3000 bps, exceeded 94000 bps matches: all traffic params: 8000 bps, 20000 limit, 30000 extended limit conformed 671 packets, 279572 bytes; action: set-dscp-transmit 0

The show interface Fastethernet 0/0 rate-limit command lists the pertinent statistical information about CAR's performance. The output has one stanza correlating to each rate-limit command on the interface, as highlighted in the example. Under each stanza, the number of packets and bytes that conformed, and the number of packets and bytes that exceeded the traffic contract, are listed. Because this CAR configuration was intended only for marking traffic, the number of packets and bytes in each category does not matter; Chapter 5 takes a closer look at the two values. For comparison purposes, however, consider the bps rates of the combined conformed and exceeded values. For instance, the second rate-limit command referenced ACL 110, which matched the two VoIP calls between R1 and R4. These two values total 55 kbps, which is the amount of traffic expected from a pair of G.729a calls over an Ethernet network.

Advance SEO Techniques

Advance SEO Techniques

Turbocharge Your Traffic And Profits On Auto-Pilot. Would you like to watch visitors flood into your websites by the 1,000s, without expensive advertising or promotions? The fact is, there ARE people with websites doing exactly that right now. How is that possible, you ask? The answer is Advanced SEO Techniques.

Get My Free Ebook


Post a comment